One of my favorite ways to relax is to cut up some old magazines and make collages out of them. One reason why collages are so relaxing is that I can start them without a pre-planned project in mind and just let my subconscious and the random materials in front of me suggest the theme. Stress is a common theme, because I tend to start them when I need to work some stress out of me. Another reason is that so much printed media, like all media, is filled with images that scream out desperation.
Most media has been on a trend during our lifetimes to become more and more extreme in intensity in order to feed what some people call the “attention economy” or the “addiction economy”. Many media companies rely on an intangible resource to generate revenue – that resource is our eyes on their content. Whatever distraction can direct our attention to them and away from real life is how many corporations generate revenue now. We are not people to them, but a resource to be exploited to fullest extent possible.
A lot of friends pass old magazines on to me to use in collages, and somehow, I don’t know how or why, I’ve been getting US magazine in the mail. The theme of a lot of my art and writing is media analysis, so I don’t mind getting these magazines to see the bizarro world that some people live in and the desperation on display when celebrities need your eyes on them in order to make money and promote the bizarro world agenda. Excess can be both entertaining and disturbing. I’ve done some study on what kind of toll it takes on the people who view it, and I plan to write more in that vein on an ongoing basis. Paging through the celebrity magazines, I also thought about the mental health of the people who go to extreme measures to remain in the top echelon of attention grabbers. Surgeries, diets, fashions, casting couches, drugs, abuse – what won’t they put themselves through in the quest for status in an insulated and dehumanizing system? When they break down, how do they feel about entertaining the masses with evidence of their pain and destruction? When they look at images of themselves, are they looking for signs that the cracks are showing, knowing that untold other sets of eyes are looking for that too and hoping they find some? When does what is on the inside start to show on the outside?
To make this collage I used a stencil I have that looks like a film contact sheet to make a grid in pencil on a plain piece of white cardstock. Using a template I made with a window opening the size of the rectangle openings in the stencil, I started building up images on separate pieces of white cardstock. After adding images to each rectangle, I added textures from stencils and an a black outline with markers. I used a gray marker to add some lines to the background, and gray and black markers with the stencils to add some more texture on and around cut out words, rearranged a bit.
I deliberately tried to choose less than flattering celebrity photos on which to glue mismatched facial features to make them look more “crazy” to show how I feel about corporations and government trying to use media and celebrities and communications professionals to try to force me to accept a bizarro world as my world. The Urban Dictionary states that a bizarro world is a place where everything is the opposite of the word used to describe it. For example, “good is bad, wrong is right, white is black, logical is illogical, giving is taking, insanity is sane”, etc. It’s one of my theories, shared by many, that those who start out relatively mentally healthy generally pay a price on the inside for living in a bizarro world and being coerced into propagating its false values. Picking up one of these magazines, no I don’t believe some of the messages it’s trying to send me. Ugliness is not beauty, exploitation is not empowerment, sickness is not health, artificiality is not freshness, materialism is not happiness, and celebrities are not just like us! And no, war is not peace, freedom is not slavery, ignorance is not strength. And I don’t love Big Brother either. So there!
When I started the collage, I initially intended just to have some silly fun with some silly magazines and not necessarily think about such serious topics. I can’t seem to stop analyzing media when I see it I guess. I hope my next art or craft project will stay more on the lighthearted side!
Here are links to the stencils I used, on sale in my store:
In early 2020, I participated in an art show at Webster University called “Back to Our Roots”. I dedicated my entry for the show to my late friend Mark Reed who passed away in 2018. At the time I was in this show, I started an artist statement to go along with my entry and I put it on one of my web sites. Like a lot of my projects, it grew bigger and more elaborate than I planned at first, and is still in progress. I ended up including grief about several other things in the process which is one of the reasons the series got bigger and bigger. It’s expanded almost to the size of a mini book, kind of like a mini memoir using my art journal and artwork as a jumping off point to write about my life so far.
My original intention in starting these pages which I’ll link to below was to help me process my grief over Mark and explain what my art journals were all about. At the “Back To Our Roots” opening I included little pieces of paper with the QR code to my web site so that show visitors could access the artist statement in progress from smartphones. The show was forced to close early, first from vandalism and then from COVID-19, so not very many people were able to see the original show.
Since I began the project, I have experienced more grief of an even more serious magnitude. It was caused by the type of trauma that when I hear about similar things happening to others I ask myself “how do people live through that”? I’m doing a lot better, thanks to therapy and a lot of writing and art making. While I’m getting better, there are people I know getting one piece of bad news after another. I just heard this morning from a friend whose family, like mine, has recently been impacted by suicide. For all those out there who hear bad news and wonder “how do people live through this”, or are wondering how they are going to cope with something in their own life, maybe my artist’s statement ongoing project will help.
If you would like to read what I’ve written so far, here is an index to all the existing “chapters” in progress. Just click the “back” and “next” graphical buttons to navigate forward or backward.
The 2022 Winter Olympics are going on right now. When I was younger, I used to really enjoy watching the Olympics. It was inspiring to watch a competition from beginning to end knowing that for some of the athletes, the years of dedication were going to pay off for them in a big way. These days I’m not tuning in because apparently it’s impossible to watch a whole competition without buying a subscription to something I don’t want, or doing something shady with VPNs. It’s not worth the hassle.
Fortunately, I was able to experience the inspirational side of sports by going on a road trip with Tom to Indiana University for a track meet in January. Tom sometimes takes jobs as a track meet official on weekends. I had a great time watching Tom and watching some of the competition. I needed to get some walking in to help recover from my recent broken foot, so I walked from the hotel to the Harry Gladstein Fieldhouse where the meet was taking place. Along the way, I noticed a lot of fine limestone sculpture and limestone architecture.
I was reminded of one of my favorite books from when I was a pre-teen – Breaking Away. I bought the Scholastic Book Services version of the novel and later on I saw the movie. Indiana University is the setting for the book and the movie. In the Breaking Away story, the local young people were looked down on by some of the university students. They were nicknamed “cutters” as an unflattering reference to limestone quarrying being a major industry in the area. When I saw all the limestone, it brought back memories of the book and movie. Tom and I are going to be going back to Indiana University again, and when we do I hope to do more exploration of the stone architecture on campus. It’s really impressive! I might even see if I can get Tom to watch the movie before we go because I know he would enjoy seeing where some of the scenes were filmed.
After the track meet, since it was January and not the most comfortable time for leisurely strolls around campus, we went to the Sidney and Lois Eskenazi Museum of Art for some indoor art viewing. There is a lot to see in there. We toured it for three hours and didn’t come close to absorbing everything to my satisfaction, so I’ll be back. There is also a greenhouse on campus you can tour which I didn’t get to on this recent trip. I want to visit more indoor and outdoor sites the next time we go.
Seeing the college athletes competing helped inspire me to work hard to overcome my injury, and the wonderful art fired up the creative part of me. Overall, this trip was a huge boost to wellness. A road trip sure helps uplift my mind, body and soul. I’m looking forward to doing it again soon!
To see the pictures I took along my walk and inside the Field House, go to this photo album and click the right arrows:
…it’s from St. Nicholas Day! The stocking in this picture is from the 1970s. My Mom made a pair of these one year to put St. Nicholas Day treats in for my brother and I when we were kids. If my memory is correct, we each had a bag of white chocolate covered pretzels and a bag of little plastic toys. Larry had cowboys and Indians (that’s what we called them then!), and I had dinosaurs. I loved the insanely bright colors my dinosaurs came in – loud grass green, super yellow and hot red. Propped up near the stockings was a Chipmunks Christmas album. It’s hard to describe how much fun we had with these items! We played the album to death and I know we had fun with the toys. Decades later some of them would be unearthed from the soil under potted plants that used to stand in for “the jungle” during “adventures”. For some reason that St. Nicholas Day stands out more vividly than almost any other Christmas memory.
I’ve been trying to get my act together to make some new St. Nicholas Day crafts to bring back some of these memories and make new happy memories but I didn’t get on it in time. Like last year, I looked for some Dutch shoe patterns and looked at a Christmas and Winter Crafts Pinterest board I’ve been using to collect ideas for a few years but that’s as far as I got. The meaning of St. Nicholas Day is worth knowing and contemplating.
Tom knows how special these stockings and St. Nicholas Day are for me and he had a treat ready for me in one of them this morning. So now I have a big smile on my face! Thank you Tom! I love you!
Even though I have a great deal to be thankful for, due to recent bereavement and a frustrating injury that is still a problem I was in a pretty bad mood for last week’s Thanksgiving holiday. Sewing has been keeping me from feeling a lot worse. Fortunately I’ve been really excited about making craft items to hopefully be used in a retail display someday. If all the parts aren’t done for this year I’m aiming for the next. One of the things I’m learning to get better at as I work on my Master’s degree is merchandising and displays. I wrote a paper in 2020 about some ideas I want to try and this project is an attempt at realizing some of what I wrote about. The professor wanted me to write the project as if it was a company with 50 employees, so I made it pretty ambitious and one person can’t do it overnight! So while some people have asked me if I want to sell these stuffed animals I just made, for now that is not the plan. They are inspiration for a “collection” that is going to have a lot of parts. I did find a person on Etsy who is selling some of the animals from this pattern for a very reasonable price.
I’ve wanted to try the pattern shown in the image above, Simplicity 1549, for awhile so this seemed like a good time. Sometimes I like to design my own patterns but this one was so cute I could not resist! I used all upcycled or leftover fabric for my versions. I didn’t make the owl yet because I think it’s kind of out of scale and I have another owl pattern I like better that I might enlarge a bit and use later. I do have some bird patterns for adding some woodland songbirds eventually as well.
The deer and the fox are harder to sew than the raccoon and the bunny because of their small size. I did make it harder for myself with some of my fabric choices – because I was using upcycled fabric and was initially making my choices based on color and pattern and texture, I didn’t consider the fabric thickness that much and I ended up using upcycled khaki shorts and upholstery fabric for the deer which were thick enough that I wasn’t sure I was going to be able to turn all the parts inside out! But somehow I did it. If I ever sew the deer again I’ll enlarge the pattern AND use thinner fabrics so it’s not so difficult.
I’m continuing with my interpretation of a woodland/lodge theme as I make more items. Here are a couple of stockings I made with a pattern that my Mom used circa the late ’70s or early ’80s.
I altered the stocking ornament to make it a bit bigger, and I changed where the top piece was placed to make them a little longer. I used a scrapbooking stencil that my friend Julie gave me a long time ago to trace the leaves out of felt for the fronts. There are going to be more of these, and they will have a hanging loop.
I remember Mom making the tree skirt from this pattern, the ornaments, and I think the wreath. I’m not sure if she made the large stockings or not. I don’t remember seeing them if so. I know Dad still has the tree skirt and ornaments. She also made a matching table runner which Dad still has.
The memories this pattern brings back are intense. It was more exciting than I can say to be a young crafter watching my Mom make all these items (and much more!). And it’s difficult to describe the bittersweet feeling of finding those fabric scraps you see there in the envelope when I was getting out the pattern pieces. There are tears falling and drying on my keyboard as I write this. Mom probably put those scraps in there so she’d know what fabric to get more of if she ran out. They were probably in there for at least 40 years. The awareness of what has happened to our family between then and now is pretty shocking, and I know we are not alone. It’s part of the human condition, and crafting and the arts are great gifts from our creator that are powerful aids in helping us cope.
Each holiday season involves both the past and the future. To turn my thoughts back to the future for now, here is a Pinterest board as I made as kind of a “mood board” for this project. If you find the theme I’m working with inspiring you might want to check it out!
Toward the end of my recent Social Engineering class at Webster University, we were asked to speculate on our final exam and in class discussions on the future of social engineering in the face of upcoming technology trends. Here is a compilation of some of the questions followed by my answers.
“‘Question: What will social engineering look like in 10-15 years? New SE techniques to use against targets? Better AI defenses protecting from online attacks? What is going to happen going forward?’
I was looking through some magazines my brother gave me last year and found articles relevant to the topic of future security challenges. The pandemic may not have put a freeze on innovation for a full year, but it probably slowed things down. So these articles I’ve viewed are probably not too out of date. My participation in the IT industry over the years has been as a creative – so I’m not that technical. I’m summarizing the technology aspects the best I can from one article in particular – “Technology Predictions from a [Precision] Electronic Test Thinktank”.
According to Microwaves & RF magazine, these are some of the trends that will help shape the future (Alexander and Harris). As I summarize I will frame them to emphasize issues most relevant to social engineering.
5G networks will increase the power and capabilities of anything that is wireless, creating more innovation and adoption of applications.
Much new software with updated standards and certifications will be needed to run all these new applications, and users will need to be educated on what the software is capable of.
Artificial intelligence will be built into processors and chips. Quantum systems will need this capability to “control, measure and error-correct”.
Hardware will be designed to exploit the new faster speeds and processing power. Customers for the hardware are interested in providing satisfactorily speedy service to users but are even more intrested in “customer traceablility through the network for application monetization”.
More collaboration between international regulatory agencies and the technology providers will be required.
More consumers will use “Internet of Things” products and these devices will increasingly communicate with each other.
Human intervention will increasingly be removed from the loop.
Engineering education will become more holistic and interdisciplinary to bring awareness to engineers on the effects of technology on society and the environment and to aid in the developement of artificial intelligence, automation and robotics.
In my Project #2 for this class, an important part of the (proposed, hypothetical) operation is to identify individuals who are more prone to risky behavior, and exploit that tendency. I did some research on the psychology behind risky behavior to refine the ideas. I found an article by a psychologist that was very persuasive to me. One of his theories is that there are people strongly attracted to sensation seeking that sometimes can go too far and take their search for new thrills into risky territory (Zuckerman). Sensation seekers enjoy novelty and constant change among other things. Tech gadgets are a great way to appeal to the desire for novelty and change since there is something new to try seemingly every time you look. If predictions are correct that the Internet of Things will enjoy increasing adoption and power, I see this as a great vulnerability – especially since psychologically, the people seeking the most novelty and change could be the same indivduals who engage in risky behavior and therefore could be less concerned with safety breaches.
While doing research for Project #2, I uncovered an article about a hidden microphone in an IoT product being misused to harm people with verbal abuse in their home. The manufacturers and designers left the vulnerability there, and hackers exploited it (McKellop). We could be even more vulnerable if manufacturers, designers, regulatory agencies and software developers go beyond carelessness and perpetrate deliberate harm. This is not a far-fetched concern because it has already happened. Facebook experimented on its users to manipulate what they posted by causing sadness among other emotions (Booth), and Google has experimented with how to manipulate our behavior by creating anxiety and causing cortisol levels to go up in users of its products (“Brain Hacking”). These practices harm human health, mental and physical. With more devices in the home, we theoretically would be increasingly prone to failing to keep up with all the threats, and not necessarily only from humans.
There are science experiments being carried out now using fungus organisms to build networks that can carry electrical signals, like computer chips. The carrying ability is confirmed, but they are too slow to replace silicon chips – for now. Some fungi are capable of performing tasks such as foraging for food, hunting live meat, navigating mazes, warning plants in it’s network about insect hazards, controlling the behavior of invertebrate animals, moving resources around to plants in the network that need it most, inhibiting some kinds of plant growth and teaching themselves to exploit new, previously unknown food sources, such as cigarette butts. That’s not a complete list but enough to give you the idea. Networks that connect plants with fungi and with each other are known as the “Wood Wide Web”. Scientists are trying to find out if fungal networks can be used for bio-computing and if we can transfer information and directives from a computer to a fungus. Scientists are also trying to figure out if fungi are intelligent or sentient (Sheldrake).
The idea of being surrounded by devices with artificial intelligence chips in them that can communicate with each other without human input is pretty weird, but looks like it might really happen. What if they find a way to communicate with fungi or other species as well? The late author Michael Crichton could write a good thriller about this if he was still with us!
I found an article that claims that Facebook robots have demonstrated the ability to make up a language that only they understand to use between themselves, while also demonstrating the ability to social engineer each other (Griffin). I have mentioned my two European Starlings before that I live with. They have the ability to social engineer me, and I have social engineered them. Their language abilities are not unlike what the article describes about the two Facebook robots. More research needs to be done (I engage in a lot of speculation in this section), but the starlings seem to me to have language that falls in about four categories. One category is a set of sounds that are hard-wired in that all starlings share. They start gaining the ability to add to that set of sounds when they are about 4-6 months old. Another set is “conversational”. They add to their vocabulary throughout life depending on what sounds are around them, and family groups and regional groups share some of the same vocabulary. My starlings have some sounds that we use between me and them and they have some sounds they use only with each other, so I wonder if they have two “conversational” languages or just somewhat diffent vocabulary for me and for each other. They have the ability to mimic human speech to the point of occasionally forming new sentences that follow predictable real life English grammar rules, including proper use of adverbs and voice inflections at the ends of sentences that fit the meaning. In other words, they have made up new sentences by combining other phrases that were not originally a question but create a question and inflected it like a question. That got my attention! They don’t always get grammar exactly right – they have added “You’re so birdy” to the list of phrases they heard from me that they love to say – “You’re so pretty”, “You’re so sweet”, etc. They can learn from other species of birds too – while boarded with two African Grays for a few days they came home with some new phrases I never say such as “Hello Princess!”. The last language category I’m aware of is the “song”. This also includes vocabulary that is learned throughout life and some of the elements are shared by regional and family groups. But it is not conversational. It’s a performance that they rehearse and refine constantly (at least the male does) and perform over and over in the same order. It identifies them individually and appears to be used for different social purposess such as humiliating defeated enemies, claiming territory, attracting mates, and showing off status. It’s theorized that the longer and more complex the song is, the greater their status is.
The birds are good at reading my body language, and I have taught myself the best I can to read theirs. We communicate on some simple matters quite well using a combination of verbal and body language but I don’t know if they know abstract concepts or how to communicate them. They have a pretty good grasp on a lot of social concepts though. Attila has a sound that means “I acknowledge your request but I don’t feel like doing it”. The sound for “ok I’ll do it” is different. They are very trainable but strong-willed. It’s fairly easy for them to learn things but if they aren’t in a good mood they may refuse to do it. She has another sound that I know means “fill the food dishes before you go to work”. They both appropriate and invent sounds and combinations extensively. I suspect that people who are studying language in all kinds of beings, including AI, could benefit from living with starlings. Mine have shown me some possibilities of inter-species communication that I never imagined in an animal other than maybe a dolphin or gorilla. If Facebook’s bots could produce and interpret a sound-based language, it’s easy for me to imagine the possibility that starlings or other animals with similar language capabilities would be able to communicate with them rather well and in languages that humans wouldn’t necessarily know. Starling’s voices are often described as “robotic” or “electronic” anyway, and even wild starlings sometimes sound like R2D2! Birds can have moods. Will AI robots have moods? If so what happens if they are in a bad mood or hooked up to a species that can have moods?
So a frontier of artificial intelligence, technology and social engineering could very well have a biological component to it that goes beyond human biology, with humans being the builder and the initial programmer but not necessarily in control. Artificial intelligence might someday interface with other species. For example is it possible that another species besides humans could learn to program fungi? Some fungi can program ants, after all (Sheldrake). Could a fungus use a computer or another species or both as part of a network to send and receive information and directives?
‘Question 5. Bring the Science of Social Engineering together with the various techniques and aspects of social media, the Triad of Disruption, along with the many methods and processes we have learned in this course, into your summary understanding of Social Engineering in the modern world. Feel free to use examples, experiences, and thoughts on the future of this discipline.’
I suppose as every person gets older, they have to reconcile what they thought the future was going to be like long ago vs. how it really is. The role of technology in our lives has been fascinating to me since I was first old enough to be conscious of it.
I have been a big fan of Mid-Century modern design, especially architecture, since I was a teenager. One of the things that attracts me is the way the shapes and lines and forms evoke emotions of excitement and optimism. From much reading and study over the years, I believe that a pervasive belief in the culture that new technology equals human progress is what drives that spirit.
During the time of Web 1.0, the “dot com bubble” era, there were new images appearing to signify the same idea in a way that referenced the internet and computers. You could indicate that your organization was technically advanced by using certain shapes and symbols, and some of them were even recycled from the Mid-Century modern era. Many people believed that a technical revolution was going to lead to a better life. It was a very exciting time. Every day I went to my job as a web designer with the feeling that I was helping remake the world in a bold new way and more freedom and prosperity for all people would result.
I feel very disappointed, and even betrayed, by what is actually happening now, so well summarized in your (I’m referring here to a diagram made by my professor Dr. James Curtis) Triad of Disruption diagram. It seems as though the destructive ideas are spreading faster than the constructive ones. This class has taught me a lot of ways to try to slow the destruction down. That is valuable knowledge to have and I will try to teach as many people as I can.
Besides knowledge needed to prevent attacks and retain as much of our agency as possible, I think more holistic education to bring more disciplines in contact with each other might be needed to remind ourselves of what it means to be human. Because I have an art degree as my Bachelor’s, I know what it’s like to be looked down on for not being in one of the STEM fields. Are the humanities looked down on and machines elevated because of people’s attitudes toward themselves? That is something I would like to explore in the future – getting back in touch with our humanity to restore some aspects of the human spirit I believe are being neglected.”
It was emotionally difficult to research and write the above comments for class because so many futuristic trends seem horrifying. I find the trends toward collectivism and robotics dehumanizing and dystopian. I’m also in a similar state to many people trying to regain a sense of connection with other people after a period of relative pandemic-induced isolation. My husband and I did not have our work routines changed as much as most, but we struggle to feel connected sometimes. Since outdoor activities are getting back to normal more quickly than indoor ones, volunteering at community gardens and camping are a couple of coping strategies we’ve been employing lately.
In the next installment of “Bringing Back the Human Touch”, I’ll write more about antidotes for an excess of technology and dehumanization!
Alexander, Jay and Jeff Harris. “Technology Predictions from a [Precision] Electronic Test Thinktank.” Microwaves & RF, March 2020, pp. 21-24.
Q. Explain the concept of social engineering Framing. Why is it a key fundamental in a social engineering plan? Provide an example of Framing in your own context of a work or social setting.
Framing is how a Social Engineering target dynamically reacts to a situation based on life experiences and their own traits and characteristics (Hadnagy 159-160). Social Engineers use a technique called frame bridging to close the gap between the scenario a Social Engineer wants the target to respond to and personal facts about the target. A pretext is a strategy the Social Engineer has prepared to bridge the frame – in other words overcome resistance to the scenario.
Today I received the following phishing email. A screenshot of the email is below, and text with the link removed follows. The links are not live because it is a graphic, and no one should click on them if they were live.
My name is Veronica.
Your website or a website that your company hosts is infringing on a copyright-protected images owned by myself.
Take a look at this document with the links to my images you used at www.chasenfratz.com and my earlier publications to obtain the evidence of my copyrights.
Download it now and check this out for yourself:
(url probably leading to something bad was here)
I believe you have willfully infringed my rights under 17 U.S.C. Section 101 et seq. and could be liable for statutory damages as high as $150,000 as set forth in Section 504(c)(2) of the Digital Millennium Copyright Act (”DMCA”) therein.
This letter is official notification. I seek the removal of the infringing material referenced above. Please take note as a service provider, the Digital Millennium Copyright Act requires you, to remove or disable access to the infringing materials upon receipt of this notice. If you do not cease the use of the aforementioned copyrighted material a lawsuit will be commenced against you.
I have a good faith belief that use of the copyrighted materials described above as allegedly infringing is not authorized by the copyright owner, its agent, or the law.
I swear, under penalty of perjury, that the information in the notification is accurate and that I am the copyright owner or am authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
Best regards, Veronica Garcia
It’s possible that whoever sent this message, whether a person or a bot, distributed them to anyone they could get to who has a blog. Social Engineers deliberately choose words that evoke emotions in the receiver (Hadnagy 163). Clearly fear is what I’m supposed to feel while reading a message like this. There are a lot of scary-sounding legal terms and phrases thrown around, and the dollar amount of possible damages that supposedly could result if I don’t act is high.
The purpose of invoking strong emotions in a target is to get the amygdala in the brain to compel the target to act and click the link before the logical part of the brain says “wait that might be a phishing email” (Hadnagy 184-185). The basic human emotions of anger, surprise, fear, disgust, contempt, sadness or happiness are tools that Social Engineers exploit for different purposes (Hadnagy 163).
If I wasn’t sure about the authenticity of the above email, I could look up the law that has been cited and the name of the artist or designer claiming infringement to see if there is any possibility it might be real. I’m not even bothering to do that, because there are several things about my particular framing that this pretext did not succeed in bridging even that far.
I’m currently enrolled in a Social Engineering class and the kind of activity represented in this email is foremost in my mind and has been for weeks.
I’ve actually received a genuine email recently regarding trademark infringement. The allegation of trademark infringement was about an adhesive dots product I had been selling in my Etsy shop. I had used the phrase “glue dots” as a tag to help describe the product when another company claims the phrase “glue dots” as a registered trademark. In my opinion “glue dots” is way too generic a phrase to legitimately claim a trademark on, but my opinion means nothing. For one thing I’m not even an attorney. Etsy informed me that they had removed my listing for that product. Just to make sure the issue was real, I contacted the law firm mentioned in the email and the manufacturer of the product in question. The law firm did not answer my inquiry but I did confirm it actually exists and specializes in that type of law. Today’s phishing email is extra suspicious because there is no law firm mentioned. The manufacturer of the adhesive dots product responded to me and confirmed it was a real issue that they were trying to resolve. In short, I have some idea what a real email of this nature looks like and this is NOT it.
I’ve been involved with business blogging as part of my work for nearly 20 years, possibly since before the term “blogs” was even in wide use, and I have a pretty good idea about what copyright violation and fair use are. If I was actually guilty of this I would know! At least I think I would. Humility is important, because while people like us are busy working at something legitimate, malicious Social Engineers are planning new schemes instead. We can never let our guard down or assume that we know everything and will easily catch every scam.
Additional Framing Techniques
The Social Engineer who created this phishing example could have used the technique of reinforcing the frame, that is causing me to think about it and therefore strengthen it, if they had done even a little bit of OSINT (Open Source Intelligence) on me (Hadnagy 166). But it’s clear they did none, other than to use my web site url which may have been scraped by a bot.
For example the phrase “Your website or a website that your company hosts” is kind of a giveaway. I would have done a little more digging if they had said “the Fiber Arts section” or something like that indicating it might not be a generic scam email. Creating an email with a more personal and specific pretext via the knowledge gained by OSINT is called spear phishing.
Negating the frame is a way of inadvertently undermining the operation by reminding the target of what they should be suspicious about (Hadnagy 165). The phishers in this case avoided that blunder – they didn’t say anything like “Beware, this is not a scam email!”
Another way of leveraging the framing of a target is hinting at or insinuating something without directly coming out and saying it. This is called evoking the frame (Hadnagy 164). I would have known what the implied threat was if the phishers had said something like “if you don’t stop using our copyrighted material we will be forced to take serious action“. Kind of like a gangster in a movie or TV show saying “this is a nice place you got here, it would be a shame if something happened to it!“
Hadnagy, Christopher. Social Engineering: The Science of Human Hacking. John Wiley & Sons, Inc. 2018.
My final exam for Social Engineering class is due at 5 pm on Friday. When I’m answering questions, it’s useful to write as though I’m explaining the concepts to a general audience. I’m going to publish these answers on this blog as I write them, before they are turned in and graded, to keep me on track to work long enough to explain completely but not so long that I run out of time and skimp on the last couple of questions (that’s what happened at the midterm exam!). A lot of people have been asking me what Social Engineering is since I’ve been in this class. I do think it’s something everyone needs to know about as part of life skills so I’ll explain the best I can. Enjoy!
Q. Discuss the art and method of Influence and Manipulation.
First I’ll define the terms according to Christopher Hadnagy, author of our textbook “Social Engineering: The Science of Human Hacking”.
Social Engineering – “Social engineering is any act that influences a person to take an action that may or may not be in his or her best interests” (Hadnagy 7).
Influence – “Getting someone to want to do what you want them to do” (Hadnagy 123).
Manipulation – “Getting someone to do what you want them to do” (Hadnagy 151).
Social engineering is part art and part science, and method is where they come together (Hadnagy 157). Hadnagy brings up cooking as an example of a pursuit that combines art and science to create a satisfactory outcome. Gardening and aquatic animal keeping are a couple of my pursuits that are similar – science knowledge is needed to keep the organisms alive, and artistry helps make the environments harmonious and attractive. There are certain needs the organisms have that must be met but I have choices in what colors I can have, quantities, how I arrange the elements, how much splashing or bubbling do I want to create a soothing sound, and other aesthetic choices that affect the total presentation.
Part of the science of SE is framing and elicitation (Hadnagy 158). Framing is how someone dynamically reacts to a situation based on life experience and internal makeup (Hadnagy 159-160). Depending on the reaction you want, artistry helps to create an approach to the frame that is appropriate to achieve the objective. Social Engineers may be called on to create characters and costumes, choose words, use props, practice acting skills, storytelling and other creative enhancements. Preparation and practice are important, as is the ability to adjust to changing situations.
Elicitation is getting a target to volunteer information (Hadnagy 168). In order to cultivate the target to be open and trusting enough to share, artistry will again be used in a planned way as well as dynamically as conversation progresses. A social engineer might plan a scenario ahead of time or create one just by observing a target. Methods such as Ego Appeals, Mutual Interest, Deliberate False Statements, displays of Knowledge and the Use of Questions are methods Social Engineers can use to subtly direct the interaction (Hadnagy 168-182). There is art in how these methods are used, and also in choosing embellishments such as the above mentioned characters, costumes, props, etc.
Q. How are each applied to a social engineering plan?
Influence – Cialdini’s Six Principles of Influence are as follows (ChangingMinds.org):
“Reciprocity: Obligation to repay.” Both wanted and unwanted gifts will create an urge to reciprocate, but if we appeal to what the target really values, we will get a greater concession in return. Gifts don’t have to be material things – good feelings in the target aroused by gifts of compliments and humor are also effective (Hadnagy 125-128).
“Consistency and Commitment: Need for personal alignment.” We have a powerful drive to meet commitments because the consistency of ideals and behavior gives us a feeling confidence and strength. I’m adding my own assumption here that this may not apply to people with psychopathy and personality disorders (“Psychopathy”). You can appeal to the urge for internal consistency in other people by getting them to agree to a small request initially then a larger one later. Victimizers use your integrity and need to make your actions match your beliefs as a weapon against you. Keeping this in mind might help us to know when it’s ok to change our minds about a commitment that is no longer serving us. Consistency and commitment can also be good defenses against attacks, since that is a good protection against people looking for examples of hypocrisy as a Social Engineering weapon against us.
“Social Proof: The power of what others do.” When we are unsure about what is safe or acceptable we often look at the behavior of others as a guide (Hadnagy 149-150).
“Liking: The obligations of friendship.” Hadnagy explains different meanings of the word “like”. We tend to like people who are “like” us in some way, that we see as a member of our tribe, and we “like” people who we think like us (Hadnagy 146-148).
“Authority: We obey those in charge.” Possessing actual authority or knowledge gives a Social Engineer more confidence to act with authority, but faking it, implying it or transferring it by seeming to associate with a genuine authority will work also (Hadnagy 140-141).
“Scarcity: We want what may not be available.” We can be Social Engineered to respond to a perceived or real scarcity of goods, sale prices, time or any kind of resources (Hadnagy 134-136).
Hadnagy lists 6 principles of manipulation (Hadnagy 153):
2. “Environmental control.”
3. “Forced reevaluation.”
4. “Removal of power.”
It’s not an accident that these tactics are synonymous with types of abuse, emotional and sometimes even physical. Abusers abuse because they want the power and control it gives them (Davenport). It isn’t only individuals who might try to abuse us – organizations can do it too. I’ve written passionately and repeatedly on this subject in my class assignments, as you know, and in other writings, because of my theory that we as a culture tend to give far too much trust to institutions that have devoted vast research and resources to manipulate, and yes, abuse.
Q. What is the difference between the two?
Hadnagy’s definitions of influence and manipulation are nearly the same in terms of wording. In both cases, the social engineer wants the target to take an action that the social engineer wants. In an influence situation, the target wants to go along with the engineer (Hadnagy 151). That is a very slight difference, and Hadnagy acknowledges that not all will agree with his chosen definitions. When I first read “How to Win Friends and Influence People” by Dale Carnegie, a friend of mine didn’t want me to read it because in his words “It teaches you how to manipulate people”. My reply to him was my interpretation of a couple of the points I thought Carnegie was trying to make – the transactions and deals you make should benefit both parties, and whatever social techniques you use to get the results you want should be sincere (Winkelmann “My Opinion of…”).
I think Hadnagy is of a similar opinion. Manipulators don’t care about the feelings or well-being of the target, and the interaction will not be remembered fondly by the target (Hadnagy 151, 153). That’s detrimental to getting future business. In Hadnagy’s case, since part of his job is to educate clients, negative feelings interfere with the learning process and are to be avoided. I think he and Carnegie would agree that it is more important for both parties to come out of an interaction both feeling good about it than for the SE to “win” the transaction by getting the better of the target.
Of course many social engineers don’t mind harming the target, or they fully intend to harm the target – that’s when their actions become manipulation. For example the same male friend who was uneasy about me reading “How to Win Friends and Influence People” used manipulation on me and another woman to try to keep us from becoming friends. All three of us were part of a group that was going on a week long backpacking and camping trip. In preparation, he told me she didn’t like me and told her I didn’t like her. So for the first day of the trip we avoided each other. Due to the way the tents worked out, we were forced to share one the first night and weren’t happy about it. The next day we both had the same thought. “She’s not so bad.” We both decided to confide in each other what the male (now former) friend had told us. We had a good laugh and became best friends until she passed away in 2003. I was Maid of Honor at her wedding!
Q. Which method is more effective (give examples of circumstances/settings to be applied)?
I think it depends a lot on the circumstances. For example, if your goal is to have a productive future relationship with a target, you will take their welfare and emotions into account so that they associate you with a pleasant experience and are open to be influenced by you because they “like” you, as Cialdini teaches. If you plan to just use and discard the target when they are no longer needed, you don’t have to consider their well-being at all.
The archetype of the “snake oil salesman” is depicted in a music video I loved and watched a lot when I was a teenager, “Say Say Say” by Paul McCartney and Michael Jackson. The protagonists are con artists who travel from town to town in a wagon selling a bogus “strength potion”. They use pre-planned pretexts, such as a script and audience plants to Social Engineer the people in a town into buying a lot of the fake potion. By the time the customers realize it’s no good, the con artists are long gone and in another town sporting a different identity. When the law catches up to them, they use a distraction to evade (Giraldi). As long as they can get away quickly enough, they are not accountable and don’t have to make a good product. They only have to create the impression long enough to get the money.
Here is a personal example of when I experienced manipulation in an airport when being solicited for a donation. A man greeted me and offered me a free paperback copy of a vegetarian cookbook. I love to cook and I love vegetables so I said “sure, thanks” and took it. I was young and this was my first time encountering this particular SE situation in an airport so was not looking for it and not prepared with defenses. The man said “Aren’t you going to give a donation?” I thought a moment and gave him a dollar. He said that isn’t enough. I was not pleased about being manipulated, so I said “I think that’s pretty good for a free book. If you disagree, you can have it back and I’ll take back the dollar”. He just looked disgusted and waved me away. I was not unhappy about giving a dollar for the book, even though it’s not something I sought out. But I love recipe books, so a free book or a dollar book, either was fine with me. But I would have balked at any more than that. Neither of us was concerned about ever seeing each other again, so it was a very low stakes situation. Since he had correctly concluded he had gotten all he was ever going to get out of me, he didn’t bother to be civil one second longer than was productive.
The larger and more powerful an organization or individual is, the more they can insulate themselves from backlash caused by self-serving, fraudulent, unkind or unfair manipulations of people. For example last summer there were large corporations taking out television ads that put their brand in a good light, showing warm and positive scenes of how they were helping their employees and customers cope with the pandemic. News stories about those brands were sometimes in direct contrast to the images in the ads. Organizations can use their money and power to “buy” morality credits by performing certain good deeds and publicizing them or just artfully appearing to. In the “Say Say Say” video we see that the fictional con artists give their ill-gotten gains to an orphanage and stop to entertain the kids, so the viewers of the video will root for them (Giraldi). This tactic works in real life too.
Marketing and Public Relations are subsets of Social Engineering, according to Hadnagy’s definition. If organizations don’t even do good deeds but claim they want to someday, or are generally in favor of good things for society and they’d love it if YOU would do them, that is enough to counteract actual corporate hypocrisy in some situations (Chen 487-490, 517-518). Influential people and organizations have the money and power to buy a lot of Marketing and PR, so they are potentially not as accountable as the less powerful. For example, from years of selling art supplies online, with Amazon being one of the platforms I sold on, I’m personally acquainted with how Amazon treats people with no power and only the most infinitesimal trace of usefulness. Admittedly already skeptical about their corporate culture, I am not the only one to ponder the disconnect between Amazon’s paid feel-good ads and news stories about how workers are treated (Barrickman and Smith). In a paper I wrote last fall about Corporate Social Responsibility and Irresponsibility I speculated about the meaning behind the amounts of corporate public donations to social justice causes by Netflix, WalMart and Amazon (Winkelmann “Corporate Social Responsibility…”). Do these amounts reflect genuine commitment to the causes, a branding technique, the amount of resources available, or the amount of morality credits they feel they need to buy to compensate for their actual activities?
A malicious Social Engineer might intend to not only evade accountability, but plan to leave the target in a weakened condition as part of the strategy. Sometimes the goal is not merely profit but total defeat of the enemy.
Barrickman, Nick and Patrick Smith. “Amazon violates its own health and safety rules in COVID-19 coverup.” World Socialist Web Site, 2020, www.wsws.org/en/articles/2020/08/05/amzn-a05.html. Accessed 10 May 2021.
ChangingMinds.org. “Cialdini’s Six Principles of Influence”. Changing Works, 2002-2021, changingminds.org/. Accessed 16 March 2021.
Chen, Zhifeng, et al. “Corporate Social (Ir)Responsibility and Corporate Hypocrisy: Warmth, Motive and the Protective Value of Corporate Social Responsibility.” Business Ethics Quarterly, vol. 30, no. 4, Oct. 2020, pp. 486–524. EBSCOhost, doi:10.1017/beq.2019.50. Accessed 28 September 2020.
Davenport, Barrie. “61 Devastating Signs Of Emotional Abuse In A Relationship.” Live Bold and Bloom, 2021, liveboldandbloom.com/02/relationships/signs-of-emotional-abuse/. Accessed 11 May 2021.
Giraldi, Bob, director. “Say Say Say.” YouTube, Paul McCartney and Michael Jackson, uploaded by Giraldi Media, 1983, www.youtube.com/watch?v=aLEhh_XpJ-0. Accessed 10 May 2021.
Hadnagy, Christopher. Social Engineering: The Science of Human Hacking. John Wiley & Sons, Inc. 2018.
“Psychopathy.” Psychology Today, 2021, www.psychologytoday.com/us/basics/psychopathy. Accessed 11 May 2021.
Winkelmann, Carolyn Hasenfratz. “My Opinion of What Marketing is About”. Carolyn Hasenfratz Design. 2020. www.chasenfratz.com/wp/my-opinion-of-what-marketing-is-about/. Accessed 10 May 2021. — “Corporate Social Responsibility and Irresponsibility”. Carolyn Hasenfratz Design. 2020. www.chasenfratz.com/wp/corporate-social-responsibility/. Accessed 11 May 2021.
This is my last week of Social Engineering class at Webster University. The textbook we have been using is “Social Engineering: The Science of Human Hacking” by Christopher Hadnagy. This book is full of powerful personal ancedotes that help me understand Social Engineering better. They also resonate deeply because so many of the anecdotes are relatable to experiences from my own life.
An example of a story that really made me think is on page 260. Hadnagy tells of talking with a friend whose family had been personally affected by a common scam. The friend was angry with him for not warning him sooner and exclaimed “If you knew these things existed, why didn’t you warn your friends?”
I have had friends get angry with me and stop speaking with me for warning them about social media and other media scams and trying to explain media literacy concepts when I saw that they were being trolled. Part of good Social Engineering is to help the people you are trying to warn become more receptive to what you are trying to teach them so they can take in the information to protect themselves against harmful Social Engineering. If someone is your friend and you care about them, you want them to know these concepts. If my attempts are too clumsy and I arouse their defenses instead of concern and I fail to warn because of that, I need to do better. That’s one of the things I’m learning in this class and others. The more I learn about media and technology as I work on a Advertising and Marketing Communications Master’s degree, the more I feel the need to warn.
I’m going to be writing a LOT this week to finish the course, and some of it is going to end up on this blog immediately and farther in the future. Hadnagy advises us not to “assume that the knowledge about these attacks is just common sense”. There are techniques in Hadnagy’s book, in our class, and in lots of other course material I’m learning that is also in classic books, around for many decades, such as “How to Win Friends and Influence People” by Dale Carnegie and “The Hidden Persuaders” by Vance Packard. I have owned those books a long time and have read them several times and I still have to work to master the material in them.
As I learned on a podcast this morning, the concept and term “Social Engineering” has been around since the late 1800s. With every new technological advance that comes along, there are new skills to learn to avoid exploitation through Social Engineering combined with other types of attacks. In order to help people find information on this blog that I think everyone should know as a life skill, I’m going to apply the hashtag #whydidntyouwarnme/ to relevant past and future blog posts.
I have also started listening to a couple of excellent podcasts that are free to listen to if you want more information about the types of media and security issues I’m trying to warn about. I think every Internet user who has something to lose, whether for personal or business reasons, needs to be informed as well as possible.
The Social-Engineer Podcast – hosted by Christopher Hadnagy himself with a variety of co-hosts as they interview leaders in the Social Engineering field.
Hacking the Humans – information about “social engineering scams, phishing schemes, and criminal exploits that are making headlines and taking a heavy toll on organizations around the world”.
What types of scams are you the most concerned about?
For our Social Engineering class, we were asked to propose to work on behalf of a real cause or a fictional one. Using ISIS as an example, how could we use similar social engineering tactics to win converts over to our cause? I decided to create a fictional organization called “Artists for Media Literacy”.
Media literacy is something I was taught in both grade school and high school, although I didn’t know then what it was called. Ever since I’ve been old enough and aware enough to realize what it was, I’ve thought it had the potential to heal many of the ills of our culture if more people acquired the skills. I felt strongly enough about it in 1998 that my first solo art show included a group project in which I encouraged people to send me postcards in the mail based on the theme “Turn Off Your Television”. Here are photos showing this project on the wall at my show, and a graphic for a postcard I sent out to help promote it.
On the left is a view of the gallery showing the TV project on the wall, and on the right is a postcard I made to promote the project.
So this is where my inspiration comes from for “Artists for Media Literacy”. Artists are trained communicators and often have a lot to say about the media and consumerism.
What techniques successfully employed by ISIS would be suitable for our group?
Isis intimidates opponents via well-produced videos, mass executions and hashtag hijacking.
“Artists for Media Literacy” is a philanthropic organization, so there will obviously be no violence or threat of violence. We have no ambition to intimidate anyone to force them to participate – we believe in individual rights and freedom and want people to voluntarily choose to adopt the media literacy techniques we propose. We do want to raise the alarm about propaganda and abusive media – so we will try to influence people to fear the consequences of not using media in a healthy way. We can use well crafted videos to promote the positive benefits of media literacy as well as the dangers of being uninformed.
Hashtag hijacking would lend itself extremely well to our cause because there are trending media-related topics going on all the time that we could hitch an awareness piece too. For example, I can check Twitter right now to see what topics are trending at this url – twitter.com/explore/tabs/trending. #Antifa and #RIP Twitter are trending right now. Those would both be great hashtags to hijack for a media literacy campaign.
Documentaries: we would not have to coerce participation from hostages to produce documentaries touting the benefits of media literacy. The challenge would be making them engaging and accessible.
Press releases: our work would be of interest to many news outlets if we target the right ones.
Instagram: this is a social media platform particularly friendly to artists, so we’d benefit from heavy use. Here is the Instagram account for the Back To Our Roots Art Show last year promoted by Webster University students – www.instagram.com/back.to.our.roots.art/. As a participant in the show, I can vouch for it’s usefulness in helping me keep track of deadlines, inspiring my vision for the work I was producing, and helping me promote the show to my social networks via attractive, branded and shareable content.
Civic forum boards: unlike ISIS, our boards would not need to be encrypted necessarily, but they should be secure to protect us from hackers.
Secure messaging: normal consumer level communications platforms should be adequate.
Battlefield drones: We won’t have battlefields in the sense that ISIS would, but if we ever have any outdoor events we could use drones to get interesting footage for videos. I’ve seen drones used that way at historic preservation events to attract interest by showing how well attended the event was and the extent of support for our cause, preserving the Gasconade River Bridge in Hazelgreen, Missouri. The organizers have succeeded in attracting large crowds in multiple years, including international Route 66 fans.
P.W. Singer, and Emerson Brooking, “How ISIS Is Taking War to Social Media”, Popular Science Magazine, 2015. Accessed through course module, 16 April 2021.